bZx

🚨 PLEASE NOTE: bZx experienced multiple exploits in February 2020 which resulted in their timelock being removed so that the smart contracts could be upgraded. Below refers to their standard operating procedure, which is not currently in effect.

bZx's protocol is upgradeable via a single-signer admin key with a 12 hour timelock. The key is capable of upgrading critical parts of the bZx smart contract ecosystem.

Is the security of user funds dependent on opsec of admin key?

Yes ⚠️

Current Admin Key Config

Timelock: 12 hours 🚨 (temporarily set to zero) Multisig: None

Claimed Admin Key OpSec

None

Verified Admin Key OpSec

Unverifiable ⚠️

Admin Key Address

https://etherscan.io/address/0xBB536EB24Fb89B544d4Bd9e9F1f34D9Fd902bb96

More Info & Documentation

bZx Launch Blog Post Feb 2020 Exploit Post-Mortem 🚨